Remarks



Claims 1-21 and 23-27 have been rejected. Claims 1, 16-21, and 27 are amended. Claim 
12 is canceled. Reconsideration of this application as amended is respectfully requested. 

Claims 1-5, 10-12, 16-18, 21, 25, and 27 stand rejected under 35 U.S.C. 103 based on 
U.S. Patent No. 6,233,576 issued to Lewis ("Lewis") in view of European Patent Application 
Publ. No. 0 447 339 A2 by Janis ("Janis"). 

Lewis discloses: 



As a specific example of the operation of the authorization scheme, we 
can consider the case where the resource instance is a SNA 
communication link. Assume that the link is to a host computer called 
HOST1. The authorization files involved are as follows: 

. . . /SNAlink/class

. . . /SNAlink/HOST1/data

. . . /SNAlink/HOST1/attributes

. . . /SNAlink/HOST1/security

A user wishing to administer the link needs both view and update
authorization for the attributes of the link, which is identified as READ
and WRITE access to the authorization file ...
/SNAlink/HOST1/attributes.

A user needing to use the link to read data from the host would need
READ access to . . . /SNAlink/HOST1/data.

A user needing to grant other users the ability to use or administer the link
would need READ and WRITE authority to . . .
/SNAlink/HOST1/security.

A user needing to enable other users grant and revoke access would need
EXECUTE authority to the file . . . /SNAlink/HOST1/security.

(Column 11, line 56 through column 12, line 10).

Lewis does not disclose that "the clients comprise companies and individuals who are
associated with respective companies, and the user permission is characterized as, in the case of 
a company, a company permission that applies to individuals associated with the company and, 
in the case of an individual, an individual permission that applies individually to the individual," 
as recited in claim 1 as amended. 

Janis discloses: 

Next, block 76 illustrates a query by the resource manager to one or more 
Reference Monitor applications which may exist within the distributed 
data processing system to determine whether or not an access control 
profile exists for the resource object or user in question. Block 78 then 
illustrates the logging of this access attempt at the Reference Monitor 
application. Such logging shall preferably include the storage of an 
identification of the particular user, the selected resource object and the 
stated intent of the user with regard to that particular resource object. 
Next, block 80 depicts the retrieval of the appropriate access control 
profile for the particular user or object in question. Block 82 then 
illustrates a determination of whether or not access to the selected resource 
object is permitted, in accordance with the information contained within 
the retrieved profile. 

(Column 7, lines 1-17). 

Janis does not disclose that "the clients comprise companies and individuals who are 
associated with respective companies, and the user permission is characterized as, in the case of 
a company, a company permission that applies to individuals associated with the company and, 
in the case of an individual, an individual permission that applies individually to the individual," 
as recited in claim 1 as amended. 

Even if Lewis and Janis were combined, the combination would neither teach nor suggest
"the clients comprise companies and individuals who are associated with respective companies,
and the user permission is characterized as, in the case of a company, a company permission that
applies to individuals associated with the company and, in the case of an individual, an
individual permission that applies individually to the individual," as recited in claim 1 as
amended.

Patent

Attorney Docket: EPI-027 US

Therefore, applicants submit that claim 1, as amended, is patentable over Lewis in view 
of Janis. 

Applicants further submit that "the clients comprise companies and individuals who are 
associated with respective companies, and the user permission is characterized as, in the case of 
a company, a company permission that applies to individuals associated with the company and, 
in the case of an individual, an individual permission that applies individually to the individual" 
is disclosed only by applicants' own disclosure. Therefore, modifying the resource access 
authorization control of Lewis and the variable authority level user access of Janis to include 
"the clients comprise companies and individuals who are associated with respective companies, 
and the user permission is characterized as, in the case of a company, a company permission that 
applies to individuals associated with the company and, in the case of an individual, an 
individual permission that applies individually to the individual," as disclosed by the present 
disclosure constitutes impermissible hindsight. 

Applicants therefore submit that claim 1, as amended, is patentable over Lewis in view of 
Janis. Given that claims 2-11 and 13-15 depend from claim 1, as amended, applicants submit
that these claims are also patentable over Lewis in view of Janis. 

Claim 16 stands rejected based on Lewis in view of Janis. 

Lewis and Janis, alone or in combination, neither disclose nor suggest "the clients 
comprise companies and individuals who are associated with respective companies, and the user 
permission is characterized as, in the case of a company, a company permission that applies to 
individuals associated with the company and, in the case of an individual, an individual
permission that applies individually to the individual," as recited in claim 16 as amended. 

Therefore, applicants submit that claim 16 as amended is patentable over Lewis in view 
of Janis. 

Claim 17 stands rejected based on Lewis in view of Janis. 

Lewis and Janis, alone or in combination, neither disclose nor suggest "the access 
permission or the grant permission with respect to at least one of the digital facilities is 
determined by a combination of an individual permission and a company permission," as recited 
in claim 17 as amended. 

Therefore, applicants submit that claim 17, as amended, is patentable over Lewis in view 
of Janis. 

Claim 18 stands rejected based on Lewis in view of Janis. 

Lewis and Janis, alone or in combination, neither disclose nor suggest "the user 
permission with respect to at least one of the digital facilities determined by a combination of an 
individual permission and a company permission," as recited in claim 18 as amended. 

Therefore, applicants submit that claim 18, as amended, is patentable over Lewis in view 
of Janis. 

Claim 18 stands rejected based on Lewis in view of Janis. 

Lewis and Janis, alone or in combination, neither disclose nor suggest "the grant 
permission with respect to at least one of the digital facilities determined by a combination of an 
individual permission and a company permission," as recited in claim 18 as amended. 

Therefore, applicants submit that claim 18, as amended, is patentable over Lewis in view 
of Janis. 

Claim 21 stands rejected based on Lewis in view of Janis.

Lewis and Janis, alone or in combination, neither disclose nor suggest "determining the 
permissions by a combination of an individual permission and a company permission," as recited 
in claim 21 as amended. 

Therefore, applicants submit that claim 21, as amended, is patentable over Lewis in view 
of Janis. Given that claim 25 depends from claim 21, as amended, applicants submit that claim 
25 is also patentable over Lewis in view of Janis. 

Claim 27 stands rejected based on Lewis in view of Janis. 

Lewis does not disclose "user profiles." Therefore, Lewis does not disclose "authorizing 
at least one user to create user profiles for other users," as recited in claim 27 as amended. Lewis 
further does not disclose "automatically making a user who creates a profile for another user or 
for a company, a manager of the profile of the other user or the company" as recited in claim 27 
as amended. 

Janis discloses an "access control profile for the particular user or object in question." 
However, Janis does not disclose "authorizing at least one user to create user profiles for other 
users," as recited in claim 27 as amended. Janis further does not disclose "automatically making 
a user who creates a profile for another user or for a company, a manager of the profile of the 
other user or the company" as recited in claim 27 as amended. 

Even if Lewis and Janis were combined, the combination would neither teach nor suggest 
"authorizing at least one user to create user profiles for other users," as recited in claim 27 as 
amended. The combination would also neither teach nor suggest "automatically making a user 
who creates a profile for another user or for a company, a manager of the profile of the other user 
or the company" as recited in claim 27 as amended. 

Therefore, applicants submit that claim 27, as amended, is patentable over Lewis in view
of Janis. 

Claims 6-9, 19-20, and 23 stand rejected under 103 based on Lewis in view of Janis and 
further in view of U.S. Patent No. 6,178,505 issued to Schneider et al. ("Schneider"). 

Lewis and Janis, alone or in combination, neither disclose nor suggest "the clients 
comprise companies and individuals who are associated with respective companies, and the user 
permission is characterized as, in the case of a company, a company permission that applies to 
individuals associated with the company and, in the case of an individual, an individual 
permission that applies individually to the individual," as recited in claim 1 as amended. 

Schneider discloses: 

For example, an employee who has a portable computer that is connected 
to internet 111 has the necessary encryption and authentication capabilities
can use the virtual private network to securely retrieve data from a 
computer system in one of the internal networks. 

(Column 4, lines 58-62). 

Schneider does not disclose "the clients comprise companies and individuals who are 
associated with respective companies, and the user permission is characterized as, in the case of 
a company, a company permission that applies to individuals associated with the company and, 
in the case of an individual, an individual permission that applies individually to the individual," 
as recited in claim 1 as amended. 

Even if Lewis, Janis, and Schneider were combined, the combination would neither teach 
nor suggest "the clients comprise companies and individuals who are associated with respective 
companies, and the user permission is characterized as, in the case of a company, a company 
permission that applies to individuals associated with the company and, in the case of an 
individual, an individual permission that applies individually to the individual," as recited in
claim 1 as amended. 

Therefore, applicants submit that claim 1, as amended, is patentable over Lewis in view 
of Janis and further in view of Schneider. Given that claims 6-9 depend from claim 1, as 
amended, applicants submit that these claims are also patentable over Lewis in view of Janis and 
further in view of Schneider. 

Claim 19 stands rejected based on Lewis in view of Janis and Schneider. 

Lewis, Janis, and Schneider, alone or in combination, neither disclose nor suggest 
"authorizing at least one individual to create an individual profile for another individual, and 
automatically making an individual who creates an individual profile for another individual a 
manager of the profile of the other individual," as recited in claim 19 as amended. 

Therefore, applicants submit that claim 19, as amended, is patentable over Lewis in view 
of Janis and Schneider.

Claim 20 stands rejected based on Lewis in view of Janis and Schneider. 

Lewis, Janis, and Schneider, alone or in combination, neither disclose nor suggest 
"authorizing at least one user to create a user profile for another user, and automatically making 
an individual who creates a user profile for another user a manager of the profile of the other 
user," as recited in claim 20 as amended.

Therefore, applicants submit that claim 20, as amended, is patentable over Lewis in view 
of Janis and Schneider. 

Claim 23 stands rejected based on Lewis in view of Janis and Schneider. 

Lewis, Janis, and Schneider, alone or in combination, neither disclose nor suggest
"determining the permissions by a combination of an individual permission and a company
permission," as recited in claim 21 as amended.

Therefore, applicants submit that claim 21, as amended, is patentable over Lewis in view 
of Janis and Schneider. Given that claim 23 depends from claim 21, as amended, applicants 
submit that this claim is also patentable over Lewis in view of Janis and Schneider. 

Claims 13-15, 24, and 26 stand rejected under 35 U.S.C. 103 based on Lewis in view of 
Janis and further in view of U.S. Patent No. 5,173,939 issued to Abadi et al. ("Abadi"). 

Lewis and Janis, alone or in combination, neither disclose nor suggest "the clients 
comprise companies and individuals who are associated with respective companies, and the user 
permission is characterized as, in the case of a company, a company permission that applies to 
individuals associated with the company and, in the case of an individual, an individual 
permission that applies individually to the individual," as recited in claim 1 as amended. 

Abadi discloses: 

A distributed computer system has a number of computers coupled thereto 
at distinct nodes and a naming service with a membership table that 
defines a list of assumptions concerning which principals in the system are 
stronger than other principals, and which roles adopted by principals are 
stronger than other roles. Each object in the system has an access control 
list (ACL) having a list of entries. Each entry is either a simple principal 
or a compound principal. The set of allowed compound principals is 
limited to a predefined set of allowed combinations of simple principals, 
roles, delegations and conjunctions in accordance with a defined 
hierarchical ordering of the conjunction, delegation and role portions of 
each compound principal. The assumptions in the membership table 
reduce the number of entries needed in an ACL by allowing an entry to 
state only the weakest principals and roles that are to be allowed access. 
The reference checking process, handled by a reference monitor found at 
each node of the distributed system, grants an access request if the 
requestor is stronger than any one of the entries in the access control list 
for the resource requested. Furthermore, one entry is stronger than another 
entry if for each of the conjuncts in the latter entry there is a stronger
conjunct in the former. Additional rules used by the reference monitor 
during the reference checking process govern the processes of comparing 
conjuncts in a requestor principal with the conjuncts in an access control 
list entry and of using assumptions to compare the relative strengths of 
principals and roles. 

(Abstract).

Abadi does not disclose "the clients comprise companies and individuals who are
associated with respective companies, and the user permission is characterized as, in the case of 
a company, a company permission that applies to individuals associated with the company and, 
in the case of an individual, an individual permission that applies individually to the individual," 
as recited in claim 1 as amended. 

Even if Lewis, Janis, and Abadi were combined, the combination would neither teach nor 
suggest "the clients comprise companies and individuals who are associated with respective 
companies, and the user permission is characterized as, in the case of a company, a company 
permission that applies to individuals associated with the company and, in the case of an 
individual, an individual permission that applies individually to the individual," as recited in 
claim 1 as amended. 

Therefore, applicants submit that claim 1, as amended, is patentable over Lewis in view 
of Janis and Abadi. Given that claims 13-15 depend from claim 1 as amended, applicants submit 
that these claims are also patentable over Lewis in view of Janis and Abadi. 

Claims 24 and 26 stand rejected based on Lewis in view of Janis and Abadi. 

Lewis, Janis, and Abadi, alone or in combination, neither disclose nor suggest 
"determining the permissions by a combination of an individual permission and a company 
permission," as recited in claim 21 as amended. 

Therefore, applicants submit that claim 21, as amended, is patentable over Lewis in view
of Janis and Abadi. Given that claims 24 and 26 depend from claim 21 as amended, applicants 
submit that these claims are also patentable over Lewis in view of Janis and Abadi. 

Conclusion 

On the basis of the above remarks, reconsideration and allowance of the claims is 
believed to be warranted and such action is respectfully requested. If the Examiner has any 
questions or comments, the Examiner is respectfully urged to contact the undersigned at the 
number listed below. 

DATE: February 13, 2003

Respectfully submitted,

Registration No. 39,377

Bingham McCutchen LLP
Three Embarcadero Center, Suite 1800
San Francisco, California 94111
Telephone: (650) 849-4422
Telefax: (650) 849-4800



Express Mail Label No. 
EV 154 656 574 US 

Attachment A
Version with markings to show changes made 

1. (Twice Amended) A method comprising

making at least one digital facility available from a source to clients via an 
electronic communication medium, 

associating with at least one of the clients an access permission that enables the 
client to access at least one of the digital facilities, 

associating with at least one of the clients a grant permission that enables the 
client to give to another client a user permission with respect to at least one of the digital 
facilities, and 

creating a client profile for each of the clients, each of said client profiles 
including permission information with respect to the corresponding client, wherein the
clients comprise companies and individuals who are associated with respective
companies, and the user permission is characterized as, in the case of a company, a
company permission that applies to individuals associated with the company and, in the
case of an individual, an individual permission that applies individually to the individual.

16. (Twice Amended) A medium storing a software program that is capable of configuring a 
machine to: 

make at least one digital facility available from a source to clients via an 
electronic communication medium, 

associate with at least one of the clients an access permission that enables the 
client to access at least one of the digital facilities, 

associate with at least one of the clients a grant permission that enables the client
to give to another client a user permission with respect at least one of the digital
facilities, and 

create a client profile for each of the clients, each of said client profiles including 
permission information with respect to the corresponding client, the clients comprise
companies and individuals who are associated with respective companies, and the user
permission is characterized as, in the case of a company, a company permission that
applies to individuals associated with the company and, in the case of an individual, an
individual permission that applies individually to the individual.

17. (Amended) Apparatus comprising

means for making at least one digital facility available from a source to users via 
an electronic communication medium, 

means for associating with at least one of the users an access permission that 
enables the user to access at least one of the digital facilities, 

means for associating with at least one of the users a grant permission that 
enables the user to give to another user a permission with respect at least one of the 
digital facilities, the access permission or the grant permission with respect to at least one 
of the digital facilities is determined by a combination of an individual permission and a 
company permission, and 

means for creating a user profile for each of the users, each of said user profiles 
including permission information with respect to the corresponding user. 

18. (Twice Amended) Apparatus comprising

a source of digital facilities, 

an electronic communication medium coupled between the source and users to 
make at least one of the digital facilities available to the users, and 

storage means containing user profiles for each of the users, said user profile of 
each user including 

access information regarding the power of the user to access at least one 
of the digital facilities and 

grant information regarding the power of the user to grant a permission to 
another user with respect to at least one of the digital facilities, the grant
permission with respect to at least one of the digital facilities determined by a
combination of an individual permission and a company permission.

19. (Amended) A method comprising

making business information of a portal-providing company available to 
individuals using a web server and web browsers, 

associating with at least one of the individuals an access permission that enables 
the individual to access the business information, 

associating with at least one of the individuals a grant permission that enables the 
individual to give to another individual a permission with respect to the business 
information, [and] 

creating a user profile for each of the individuals, each of said user profiles 
including permission information with respect to the corresponding individual 

authorizing at least one individual to create an individual profile for another
individual and

automatically making an individual who creates an individual profile for another
individual a manager of the profile of the other individual.

20. (Twice Amended) A method comprising 

providing a web site, 

using the web site, interacting with web browsers of users, 

in response to a request from a user to the web site, determining if the user has
permission to have the request served in accordance with permission information
contained in a user profile of the user,

enabling, in accordance with permission information contained in a granting
user's user profile, one of the users to grant to another of the users selectively either only
a permission to have a particular type of request served, only a permission to grant other
users the ability to grant permissions, or both,

authorizing at least one user to create a user profile for another user, and

automatically making an individual who creates a user profile for another user a
manager of the profile of the other user.

21. (Twice Amended) A method comprising

maintaining a database of information that associates each user of a digital facility 
available from a source with permissions that define the rights of the user to access the 
digital facility or to grant to other users the rights with respect to the digital facility, or 
both, 

determining the permissions by a combination of an individual permission and a
company permission. 

creating user profiles for each of the users in the database, each user profile 
containing the access and grant permission information of the corresponding user, and 

enabling a user who have the permission to do so, to alter the permissions 
associated with the user. 

27. (Amended) A method comprising

making at least one digital facility available from a source to users via an 
electronic communication medium, 

maintaining a database of user profiles that define permissions of users and 
companies to access the digital facility,

authorizing at least one user to create user profiles for other users, and

automatically making a user who creates a user profile for another user or for a company, a
manager of the profile of the other user or the company.